That bug report originally was about `parse_url()` misbehaving, but the
security aspect was actually only regarding `FILTER_VALIDATE_URL`.
Since the changes to `parse_url_ex()` apparently affect userland code
which is relying on the sloppy URL parsing[1], this alternative
restores the old parsing behavior, but ensures that the userinfo is
checked for correctness for `FILTER_VALIDATE_URL`.
Fix #70091: Phar does not mark UTF-8 filenames in ZIP archives
The default encoding of filenames in a ZIP archive is IBM Code Page
437. Phar, however, only supports UTF-8 filenames. Therefore we have
to mark filenames as being stored in UTF-8 by setting the general
purpose bit 11 (the language encoding flag).
The effect of not setting this bit for non ASCII filenames can be seen
in popular tools like 7-Zip and UnZip, but not when extracting the
archives via ext/phar (which is agnostic to the filename encoding), or
via ext/zip (which guesses the encoding). Thus we add a somewhat
brittle low-level test case.
Nikita Popov [Tue, 26 Jan 2021 14:15:18 +0000 (15:15 +0100)]
Fix VAR return type verification
We should also set retval_ref when de-indirecting. Otherwise the
retval_ref != retval_ptr comparison below may incorrect assume
that we're returning a reference.
I don't have a reliable reproducer for this issue, but it sometimes
appears in certain configurations in arrow_functions/007.phpt in
conjunction with other changes.
Fix #53251: bindtextdomain with null dir doesn't return old value
Apparently, users expect `bindtextdomain` and `bind_textdomain_codeset`
with `null` as second argument to work like their C counterparts,
namely to return the previously set value. Thus, we support that.
Nikita Popov [Mon, 25 Jan 2021 13:36:18 +0000 (14:36 +0100)]
Fix parsing of semi-reserved tokens at offset > 4 GB
To avoid increasing the size of parser stack elements by storing
size_t offset and length, this instead only stores the start
offset (or rather pointer now) and determines the length of the
identifier in zend_lex_tstring.
Nikita Popov [Mon, 25 Jan 2021 10:12:21 +0000 (11:12 +0100)]
Improve error message for leading comma in keyed list assignment
Print "Cannot use empty array entries in keyed array assignment"
instead of "Cannot mix keyed and unkeyed array entries in assignments"
for a leading comma.
Darek Slusarczyk [Sat, 23 Jan 2021 16:14:13 +0000 (17:14 +0100)]
Fix #80330: Replace language in APIs and source code/docs
Rename MYSQLI_REFRESH_SLAVE to MYSQLI_REFRESH_REPLICA in line with
upstream change in MySQL. The old name is retained for
backwards-compatibility reasons, and may be deprecated/removed in
the future.
Dusk [Mon, 4 Nov 2019 02:51:49 +0000 (18:51 -0800)]
Add array_is_list(array $array) function
This function tests if an array contains only sequential integer keys. While
list isn't an official type, this usage is consistent with the community usage
of "list" as an annotation type, cf.
https://psalm.dev/docs/annotating_code/type_syntax/array_types/#lists
Rebased and modified version of #4886
- Use .stub.php files
- Add opcache constant evaluation when argument is a constant
- Change from is_list(mixed $value) to array_is_list(array $array)
RFC: https://wiki.php.net/rfc/is_list
Co-Authored-By: Tyson Andre <tysonandre775@hotmail.com> Co-Authored-By: Dusk <dusk@woofle.net>
Closes GH-6070
Alex Dowad [Thu, 24 Sep 2020 08:40:49 +0000 (10:40 +0200)]
Update 'East Asian Width' table to comply with Unicode 13.0
Instead of manually maintaining the data in eaw_table.h, it is now automatically
generated by ucgendat/ucgendat.php, using the EastAsianWidth.txt file from
the Unicode Consortium.
Something must be said about the deleted test case. Back in 2004, someone
noticed that `mb_strwidth` didn't comply with Unicode 4.0. A test case was
added to expose the problem. Well, time keeps moving on, and with the changing
years, new Unicodes are born and old Unicodes die. Some characters which were
counted as double-width in Unicode 4.0 are no longer such in Unicode 13.0,
which renders the test case obsolete.
At the same time, make a couple of spelling/grammar fixes in ucgendat.php.
Nikita Popov [Mon, 18 Jan 2021 09:55:29 +0000 (10:55 +0100)]
Rename zend-test to zend_test
The extension name should match the name of the ext/ directory,
otherwise it will not get picked up by run-tests. It would be possible
to remap this in run-tests, but I think it's better to rename the
extension to follow the standard format. Other extensions also
use underscore instead of hyphen (e.g. pdo_mysql and not pdo-mysql).
Of course, the ./configure option remains hyphenated.
sj-i [Sun, 20 Dec 2020 06:57:54 +0000 (15:57 +0900)]
Fixed bug #42560
Check open_basedir after the fallback to the system's temporary
directory in tempnam().
In order to preserve the current behavior of upload_tmp_dir
(do not check explicitly specified dir, but check fallback),
new flags are added to check open_basedir for explicit dir
and for fallback.
Dylan K. Taylor [Mon, 11 Jan 2021 22:39:14 +0000 (22:39 +0000)]
Keep JIT region executable under ZTS
When one thread tries to compile a script, another thread may
already be executing JITed code. In this case we can't make the
memory non-executable.
This violates the W^X principle, but doesn't seem to be avoidable
for ZTS builds for now. The same problem does not exist for NTS,
as it's a different process executing there, which has it's own
memory protection mapping.
Nikita Popov [Tue, 19 Jan 2021 08:59:26 +0000 (09:59 +0100)]
Disable opcache optimizations during some observer tests
Opcache inlines functions that only return a constant. Disable
optimizations to prevent differences in tests where such functions
are used (or rewrite the test to not depend on it).
projects / php / log